Lets Explore Site with GovCMS



What is GovCMS?

GovCMS is a Drupal distribution that built using Drupal core along with additional software such as themes, modules, libraries, and installation profiles to enable the quick creation of Australian government websites.

Why use GovCMS?

GovCMS aim is to provide a single solution for unclassified websites using a common codebase and a shared feature set on a scalable and secure list infrastructure.This reduces the technology and compliance burden on government agencies while providing a more cost-effective option for managing websites, allowing agencies to focus on providing high quality content and services to people. You can join in the conversation at the govCMS online Community and be kept up to date on what's happening with the program including events and meetups.

How to use GovCMS?

Currently GovCMS support Drupal 7 & 8 version

Drupal 7: https://www.drupal.org/project/govcms
Drupal 8: https://www.drupal.org/project/govcms8

Development of GovCMS is currently occurring over at GitHub

GovCMS7: https://github.com/govcms/govcms
GovCMS8: https://github.com/govcms/govcms8


Installation - End User

You can download the GovCMS from the above URL and Install on your server as like normal Drupal site

Via Composer Create-Project

Composer will create a new directory called govCMS8 containing a docroot directory with a full govCMS code base therein.

composer create-project --stability dev --prefer-dist govcms/govcms8-project govCMS8

Composer create-project is the same as doing a git clone, followed by a composer install.

Installation from source

git clone -b 1.x git@github.com:govCMS/govCMS8.git
cd govCMS8
composer install


Then develop the site according to your requirement. You can download the GovCMS supported contributed modules from here.



In GovCMS before deployment we need to check our code & security standards and fixed the bugs for IRAP assessment

IRAP stands for Information Security Registered Assessors Program. An IRAP assessor assesses the implementation, appropriateness and effectiveness of your system’s security controls.

The assessment is achieved through two audit stages:

    Stage 1 audit identifies security deficiencies which the system owner rectifies or mitigates
    Stage 2 audit assesses the residual compliance

More information about IRAP assessments.

Use a tool to fix these bugs.

I have used “Drutiny” https://github.com/drutiny/drutiny, With the help of this "Drutiny" tool, we have selected an existing profile coding standard and prepared automated site audit reports and corrected errors

Install Drutiny via composer
  composer require drutiny/drutiny

It generates the reports regarding following points.
 - Configuration development module is not installed
 - Cron last run
 - Cron running regularly
 - CSS aggregation is enabled
 - Database logging is not installed
 - Devel module is not installed
 - No duplicate modules found
 - Hide errors from screen (log only)
 - Core Fast 404 Enabled
 - Javascript aggregation
 - Kint module is not installed
 - Automated Cron module is not installed    medium
 - Backup and Migrate is not installed
 - No Experimental Modules in Use
 - Drupal Page cache expiry is set
 - PHP module is not installed
 - Shield module is not installed
 - Simpletest module is not installed
 - Statistics module is not installed
 - Unused modules in the codebase
 - Update module is not installed
 - Administrator login is locked down (uid:1)
 - User registration available to administrators only
 - Webprofiler module is not installed
 - Content Owned By Drupal's Anonymous User
 - Appendix - Successful Assessments

Drutiny Profile List


If you give an incorrect profile name, it shows this error


Drutiny Wrong Profile Error


Otherwise it generates the site audit report, Here is the "Drupal 8 Site Audit" profile report.


GovCMS Site Audit Report



And when all the bugs are fixed, you can submit the site audit report to the GovCMS Authorization Department and move your site from staging to production.




Add new comment